welcome: please sign in

Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment
Last name of the author of the GNU Manifesto

Revision 5 as of 2007-06-05 05:35:13

Page Locked

MemberManual / ShellAccess / TroubleshootingKerberos

TableOfContents(2)

Unix

Step 1: turn off your firewall

Make sure any and all firewalls are disabled.

Make sure you can send UDP packets to HCOOP by typing 

traceroute deleuze.hcoop.net

The last line should say "deleuze.hcoop.net" and have NO ASTERISKS. If this is not the case, fix your firewall or your network.

Step 2: check your krb5.conf

Examine your /etc/krb5.conf (or, on MacOS, your /Library/Preferences/edu.mit.Kerberos file).

Make sure that dns_lookup_kdc or dns_lookup_realm options are NOT DISABLED. They should be on-by-default, but just in case your linux distribution packager decided to be retarded and changed that, try adding 

[libdefaults]
  dns_lookup_kdc   = true
  dns_lookup_realm = true

Step 3: make sure your DNS is working

Install the dig program and type 

dig -t SRV _kerberos._udp.hcoop.net

You should see kerberos1.hcoop.net in the output.

Step 4: post to hcoop-discuss

Make sure to include:

  1. Your entire krb5.conf
  2. The output of all the commands in steps 1 and 3.

Client side firewall Setting

If you are using a firewall you might want to open it for UDP packets to and from deleuze.hcoop.net:88. Lines for [http://www.netfilter.org/ iptables] saved rules might look like the following: 

 [0:0] -A INPUT -s 69.90.123.67 -p udp -m udp --sport 88 --dport 1024:65535 -j ACCEPT

 [0:0] -A OUTPUT -d 69.90.123.67 -p udp -m udp --dport 88 --sport 1024:65535 -j ACCEPT

Put them before any rules that conflicts them (and before 'COMMIT' line in the saved rules file).

Windows

Wave a dead chicken over your keyboard and pray.